jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has
been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.
Metrics
Affected Vendors & Products
References
History
Mon, 11 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat acm
Redhat multicluster Engine |
|
CPEs | cpe:/a:redhat:acm:2.10::el9 cpe:/a:redhat:acm:2.9::el8 cpe:/a:redhat:multicluster_engine:2.4::el8 cpe:/a:redhat:multicluster_engine:2.5::el8 |
|
Vendors & Products |
Redhat acm
Redhat multicluster Engine |
Thu, 31 Oct 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift_data_foundation:4.17::el9 |
Thu, 08 Aug 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat service Mesh
|
|
CPEs | cpe:/a:redhat:service_mesh:2.6::el8 cpe:/a:redhat:service_mesh:2.6::el9 |
|
Vendors & Products |
Redhat service Mesh
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-03-09T00:43:06.930Z
Updated: 2024-08-02T00:48:49.416Z
Reserved: 2024-03-06T17:35:00.856Z
Link: CVE-2024-28176
Vulnrichment
Updated: 2024-08-02T00:48:49.416Z
NVD
Status : Awaiting Analysis
Published: 2024-03-09T01:15:07.147
Modified: 2024-11-21T09:05:57.947
Link: CVE-2024-28176
Redhat